Working with your Board to Improve Risk Management and Board Risk Oversight
39
Page 1 Recording of this session via any media type is strictly prohibited. Page 1 Working with your Board to Improve Risk Management and Board Risk Oversight Paul Walker – Schiro/Zurich Chair of ERM at St. John’s University Arya Yarpezeshkan – CRO at the Navigator’s Group Joe Pugh – Sr. Advisor, ERM at AARP
Working with your Board to Improve Risk Management and Board Risk Oversight
Working with your Board to Improve Risk Management and Board Risk Oversight. Paul Walker – Schiro/Zurich Chair of ERM at St. John’s University Arya Yarpezeshkan – CRO at the Navigator’s Group Joe Pugh – Sr. Advisor, ERM at AARP. Presenters. • Paul Walker, Ph.D., CPA - PowerPoint PPT Presentation
Citation preview
PowerPoint PresentationPage *
Recording of this session via any media type is strictly
prohibited.
Page *
Working with your Board to Improve Risk Management and Board Risk
Oversight
Paul Walker – Schiro/Zurich Chair of ERM at St. John’s
University
Arya Yarpezeshkan – CRO at the Navigator’s Group
Joe Pugh – Sr. Advisor, ERM at AARP
Page *
Recording of this session via any media type is strictly
prohibited.
• Paul Walker, Ph.D., CPA
• Arya Yarpezeshkan
• Joe Pugh
Presenters
Page *
Recording of this session via any media type is strictly
prohibited.
Top Issues for Boards
Risk oversight
Strategic risks
Investors want more information on strategy and risk oversight
(what the board is thinking)
To create objectives targeted to the audience and desired level of
learning/thinking:
1. Ask yourself whether you want attendees to be able to: know,
apply, integrate, consider the human
dimension, care, learn to learn, comprehend, apply, analyze,
synthesize, or evaluate .These outcomes
represent different levels/kinds of thinking.
2. Match your action words to the desired level of
learning/thinking (see Presenter Tips #1 at end of presentation
template)
3. Match learning objective with appropriate teaching/learning
strategy (see Presenter Tips #2 at end of presentation
template).
*
Page *
Recording of this session via any media type is strictly
prohibited.
SEC 2014 National Exam Priorities
Designed to:
communicate with investors and registrants about areas that the
staff perceives to have heightened risk
and to support the Securities and Exchange Commission (“SEC”)
mission to protect investors;
To create objectives targeted to the audience and desired level of
learning/thinking:
1. Ask yourself whether you want attendees to be able to: know,
apply, integrate, consider the human
dimension, care, learn to learn, comprehend, apply, analyze,
synthesize, or evaluate .These outcomes
represent different levels/kinds of thinking.
2. Match your action words to the desired level of
learning/thinking (see Presenter Tips #1 at end of presentation
template)
3. Match learning objective with appropriate teaching/learning
strategy (see Presenter Tips #2 at end of presentation
template).
*
Page *
Recording of this session via any media type is strictly
prohibited.
SEC 2014 National Exam Priorities
Corporate Governance, Conflicts of Interest, and Enterprise Risk
Management. The NEP will continue to meet with senior management
and boards of entities registered with the SEC, including their
affiliates where appropriate, to discuss how each firm identifies
and mitigates conflicts of interest and legal, compliance,
financial, and operational risks. This initiative is designed to:
(i) evaluate firms’ control environment and “tone at the top,” (ii)
understand firms’ approach to conflict and risk management, and
(iii) initiate a dialogue on key risks and regulatory
requirements.
To create objectives targeted to the audience and desired level of
learning/thinking:
1. Ask yourself whether you want attendees to be able to: know,
apply, integrate, consider the human
dimension, care, learn to learn, comprehend, apply, analyze,
synthesize, or evaluate .These outcomes
represent different levels/kinds of thinking.
2. Match your action words to the desired level of
learning/thinking (see Presenter Tips #1 at end of presentation
template)
3. Match learning objective with appropriate teaching/learning
strategy (see Presenter Tips #2 at end of presentation
template).
*
Page *
Recording of this session via any media type is strictly
prohibited.
What to Expect
Strategies for working with your board
Ways to present and report an integrated, transparent view of your
organization’s risks
Ideas on improving and benchmarking risk management and board risk
oversight
To create objectives targeted to the audience and desired level of
learning/thinking:
1. Ask yourself whether you want attendees to be able to: know,
apply, integrate, consider the human
dimension, care, learn to learn, comprehend, apply, analyze,
synthesize, or evaluate .These outcomes
represent different levels/kinds of thinking.
2. Match your action words to the desired level of
learning/thinking (see Presenter Tips #1 at end of presentation
template)
3. Match learning objective with appropriate teaching/learning
strategy (see Presenter Tips #2 at end of presentation
template).
*
Page *
Recording of this session via any media type is strictly
prohibited.
1. INTERNATIONAL SPECIALTY INSURANCE UNDERWRITER
3. ONE OF THE “100 MOST TRUSTWORTHY COMPANIES” BY FORBES.COM
2. FOCUSED ON MARINE, ENERGY, SPECIALTY CASUALTY, AND D&O /
PROFESSIONAL LIABILITY
Page *
Recording of this session via any media type is strictly
prohibited.
*
Governance & Compliance
Risk Sub-Committee
UW & Claims
Risk Sub-Committee
Page *
Recording of this session via any media type is strictly
prohibited.
Recommendation: Clarify roles and responsibilities
Roles and Responsibilities
Oversight
Escalation
Coordination
Ownership
Assurance
Page *
Recording of this session via any media type is strictly
prohibited.
Recommendation: Provide the Appropriate Information For the Board
to Execute its Oversight Duties
Is the board receiving the information it needs to foster effective
risk oversight, or is it drowning in data providing little
knowledge or insight?
Are we providing the appropriate information for the board to
determine if management is effectively managing risk?
Is there sufficient agenda time for discussing the enterprise’s
risks?
Page *
Recording of this session via any media type is strictly
prohibited.
Recommendation: Know Your Audience
Unsure of the appropriate level of detail? Then ask them.
Page *
Recording of this session via any media type is strictly
prohibited.
Example: Board Risk Reporting
3. Key risks
4. Risk events
Agenda
Page *
Recording of this session via any media type is strictly
prohibited.
Example: Board Risk Reporting
Page *
Recording of this session via any media type is strictly
prohibited.
Example: Board Risk Reporting
Page *
Recording of this session via any media type is strictly
prohibited.
Example: Board Risk Reporting
Page *
Recording of this session via any media type is strictly
prohibited.
Example: Board Risk Reporting
Summary
Investment risk increased by xx% as a result of heightened
volatility in the Treasury Markets; however, the risk is still
within our tolerances.
Risk Drivers
Quantification
Page *
Recording of this session via any media type is strictly
prohibited.
Example: Board Risk Reporting
Investment Key Risk Indicators
Volatility at 99% VaR
Global Financial Stress Scenarios
Page *
Recording of this session via any media type is strictly
prohibited.
Example: Board Risk Reporting
Prolonged Power Blackout
Page *
Recording of this session via any media type is strictly
prohibited.
Takeaways
Have a governance framework that is appropriate and effective for
your organization
Clarify responsibilities
Use the Report Appendix to your advantage
The information presented herein is for informational purposes only
and is not intended to be legal, accounting or other professional
advice or opinions on specific facts or matters, used for trading
or investment purposes or a complete description of certain aspects
of the business of Navigators and its operating subsidiaries.
Page *
Recording of this session via any media type is strictly
prohibited.
1. SOCIAL MISSION ORGANIZATION
4. A TRUSTED SOURCE OF INFORMATION
5. OFFERS ACCESS TO PROGRAMS, SERVICES & DISCOUNTS
6. CONNECTS PEOPLE TO VOLUNTEER OPPORTUNITIES
Page *
Recording of this session via any media type is strictly
prohibited.
ERM at AARP
Page *
Recording of this session via any media type is strictly
prohibited.
Recommendation: Assign ERM to the full board and keep them
focused
Does the full board have primary governance oversight?
Is the full board focused on the top strategic risks?
Is the full board dealing with the details of how management is
managing the risks?
Is the board’s role one of “risk” management or “list”
management?
Page *
Recording of this session via any media type is strictly
prohibited.
Recommendation: Include ERM on board self-assessment
“Critical risks facing the organization are proactively identified
by management and fully vetted with the board”
“An appropriate process is in place to effectively manage each of
the critical risk areas”
“The board holds management accountable for effective ERM
stewardship”
Page *
Recording of this session via any media type is strictly
prohibited.
Recommendation: Benchmark your program
Board’s like to know how your program stacks up
Is the board comfortable that you have an effective program in
place for managing risks?
– If not, share statistics
Page *
Recording of this session via any media type is strictly
prohibited.
Recommendation: Keep risk reporting simple
Does the board have the right information for effective risk
oversight?
Content over quantity
Are we providing transparency and insight in our risk
reporting?
Page *
Recording of this session via any media type is strictly
prohibited.
Example: Board Risk Reporting
Page *
Recording of this session via any media type is strictly
prohibited.
Example: Board Risk Reporting
Page *
Recording of this session via any media type is strictly
prohibited.
Example: Board Risk Reporting
Page *
Recording of this session via any media type is strictly
prohibited.
Example: Board Risk Reporting
Page *
Recording of this session via any media type is strictly
prohibited.
Takeaways
Assign ERM to the full board and keep them focused
Include ERM on board self-assessment
Benchmark your program
Page *
Recording of this session via any media type is strictly
prohibited.
Board Risk Oversight Improvement
ERM: required and also increases value, lowers earnings volatility,
leads to better decisions, improves reputation…
Governance metrics are used by analysts, viewed by the market,
bad/good news, impact the ability to attract board members
We have governance metrics and board assessment but not BRO metrics
or assessment
To create objectives targeted to the audience and desired level of
learning/thinking:
1. Ask yourself whether you want attendees to be able to: know,
apply, integrate, consider the human
dimension, care, learn to learn, comprehend, apply, analyze,
synthesize, or evaluate .These outcomes
represent different levels/kinds of thinking.
2. Match your action words to the desired level of
learning/thinking (see Presenter Tips #1 at end of presentation
template)
3. Match learning objective with appropriate teaching/learning
strategy (see Presenter Tips #2 at end of presentation
template).
*
Page *
Recording of this session via any media type is strictly
prohibited.
Board Risk Oversight Improvement
BRO Methods
BRO assessment and self-assessment
BRO metrics and questions
To create objectives targeted to the audience and desired level of
learning/thinking:
1. Ask yourself whether you want attendees to be able to: know,
apply, integrate, consider the human
dimension, care, learn to learn, comprehend, apply, analyze,
synthesize, or evaluate .These outcomes
represent different levels/kinds of thinking.
2. Match your action words to the desired level of
learning/thinking (see Presenter Tips #1 at end of presentation
template)
3. Match learning objective with appropriate teaching/learning
strategy (see Presenter Tips #2 at end of presentation
template).
*
Page *
Recording of this session via any media type is strictly
prohibited.
Board Risk Oversight Improvement
BRO 30 (Walker et al. 2012)
RCC 27 (Walker et al. 2014)
To create objectives targeted to the audience and desired level of
learning/thinking:
1. Ask yourself whether you want attendees to be able to: know,
apply, integrate, consider the human
dimension, care, learn to learn, comprehend, apply, analyze,
synthesize, or evaluate .These outcomes
represent different levels/kinds of thinking.
2. Match your action words to the desired level of
learning/thinking (see Presenter Tips #1 at end of presentation
template)
3. Match learning objective with appropriate teaching/learning
strategy (see Presenter Tips #2 at end of presentation
template).
*
Page *
Recording of this session via any media type is strictly
prohibited.
Board Risk Oversight Tool
In recent work the authors found that the number one tool used by
companies to manage risk is not some sophisticated modeling tool or
even a risk assessment exercise. Instead, the number one tool
preferred by many companies is to have a conversation about risks
with management, and with and among the board. The tool presented
here is not meant to replace that conversation, but should be used
to ignite that conversation.
*
Page *
Recording of this session via any media type is strictly
prohibited.
Tool
The board and the organization have a rigorous strategic plan which
incorporates all major and emerging risks.
The board is comfortable that management has identified all
enterprise level risks.
The board has a clearly defined risk oversight process and has
clearly established risk responsibility.
The organization has a CRO or ERM leader with direct line reporting
to the board or a respective board committee.
The board quarterly reviews risk maps, risk dashboards, or related
risk reporting.
The board and organization go beyond risk maps and generate risk
action plans as well as related risk metrics.
Corporate decision making includes a discussion of the potential
risks embedded in those decisions.
The organization is prepared for a S&P or Moody’s assessment of
their ERM process.
The board is informed of emerging risks on a timely basis.
The board has received ERM training.
*
Page *
Recording of this session via any media type is strictly
prohibited.
Tool
Executives openly share all risk information with board
committees.
The organization has had no major risk debacles in the past fiscal
period.
Executives and management level risk committees have adequate
resources and training to identify and manage risks.
Important risk information is streamlined and reported to the
appropriate executives and board level committees promptly.
ERM is viewed as a critical way to create value and grow the
organization, while taking the appropriate risks.
The organization identifies the risks related to compensation
plans.
Performance is evaluated in relation to the risks taken in
achieving that performance.
The organization views and assesses risk by business unit.
*
Page *
Recording of this session via any media type is strictly
prohibited.
Tool
The board is engaged in the discussion of strategy and the related
risks.
The board includes some members who are experts in the
organization’s relevant risks or risk oversight.
The board feels confident in the risk oversight process.
The board examines its own talent for diversity of views and for
the ability to oversee risk.
The board examines risks that management missed to determine if the
risk was not identified or if it was not assessed properly. The
feedback is used to manage future risks better.
The board has good communication with the CEO on the risks facing
the enterprise (both current and emerging).
The board and management regularly assess their ERM process.
*
Page *
Recording of this session via any media type is strictly
prohibited.
St John’s Univ/Tobin College of Business
MS Risk
Center for Excellence in ERM
Executive Education – Certificate in ERM
Booth _____
Page *
Recording of this session via any media type is strictly
prohibited.
Questions, Final Comments and
LOWEmerging Risk 3
Time frame
%$%$
1. Maintain a maximum single risk net incurred loss tolerance <
x% of shareholder equity
2. A single loss-producing event (natural or man-made catastrophe)
will not generate net incurred loss of more than x%
of shareholders equity, as measured at a 99.6th % excedance
probability (1-in-250 year).
3. Multiple loss-producing events within a single 12 month period
will not generate net incurred loss of more than x% of
shareholders equity, as measured at a 99.6% excedance probability
(1-in-250 year).
4. A single or combination of exogenous economic shocks will not
result in a de-valuation of invested assets greater
than x%, in any continuous 12 month period or less, as measured at
a 99.6% excedance probability (1-in-250 year).
5. No single Division will constitute more than x% of our GWP in
any single calendar year.
6. Maintain broad and deep intellectual capital in our underwriting
units to ensure that business interruption from loss
of key personnel cannot cause more than x% of lost GWP over the
course of a single year.
7. Business interruption (from external event, disruption to
systems / premises) will be mitigated so that no more than
x% of GWP is lost over the course of a year.
Q4 13
Stochastically modeled. Investment data as of 9/30/2013. Q4 131/100
yr$xx$xx$xx
Figures in (000s)
Q3 2013
Japan Earthquake - Mar 2011
Equities up 10%
Equity Markets Rebound - 2009
Solar Storm events, Failing infrastructures; Cyber attacks
The event could impact multiple lines of business and cause
signficant supply chain disruptions.
Traditional loss scenarios only assume power blackouts for a few
hours or days. However, space weather events or coordinated terror
attacks
could cause prolonged blackouts with significant impacts on society
and industry. Critical infrastructure such as communication and
transport
would be hampered, heating and water supply would stop, and
production processes and trading would seize.
6 m - 2 years (medium-term)